Interesting People mailing list archives
more on Confirmed: Twitter DNS diversion used Twitter login credentials
From: Dave Farber <dave () farber net>
Date: Fri, 18 Dec 2009 19:03:32 -0500
Begin forwarded message:
From: "Ed Gerck, Ph.D." <egerck () nma com> Date: December 18, 2009 5:09:54 PM EST To: dave () farber net Cc: ip <ip () v2 listbox com>Subject: Re: [IP] more on Confirmed: Twitter DNS diversion used Twitter login credentials
[Dave: Greetings! For IP if you wish]It is interesting to consider that apparently a single username/password pair was able to take Twitter's entire Web site effectively offline globally.Twitter has used a weak password before (google: Another Security Tip For Twitter: Don’t Use "Password" As Your Server Password), so t his may be just the same.Yes, the problem is pervasive with username/password authentication, but why don't people use certificate-based access authentication?In search for feedback on solutions, I'd like to invite IP'ers to take five minutes and go over these and other frequently asked questions in the paper, and leave comments, at www.email-security.net/papers/takefive.htmCheers, Ed Gerck www.gerck.com
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- more on Confirmed: Twitter DNS diversion used Twitter login credentials Dave Farber (Dec 18)
- <Possible follow-ups>
- more on Confirmed: Twitter DNS diversion used Twitter login credentials Dave Farber (Dec 18)
- more on Confirmed: Twitter DNS diversion used Twitter login credentials Dave Farber (Dec 18)